=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN431
_____________________________________________________________________

DATE                      : 15/10/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows running Microsoft Excel.

======================================================================
KB956416
http://www.microsoft.com/technet/security/bulletin/ms08-057.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-057 - Critical

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(956416)

   Published: October 14, 2008

   Version: 1.0

General Information

Executive Summary

   This security update resolves three privately reported vulnerabilities
   in Microsoft Office Excel that could allow remote code execution if a
   user opens a specially crafted Excel file. An attacker who
   successfully exploited these vulnerabilities could take complete
   control of an affected system. An attacker could then install
   programs; view, change, or delete data; or create new accounts with
   full user rights. Users whose accounts are configured to have fewer
   user rights on the system could be less impacted than users who
   operate with administrative user rights.

   This security update is rated Critical for all supported editions of
   Microsoft Office Excel 2000 and rated Important for all supported
   editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003,
   Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007,
   Microsoft Office Compatibility Pack , Microsoft Office Excel Viewer,
   and Microsoft Office SharePoint Server 2007. For more information, see
   the subsection, Affected and Non-Affected Software, in this section.

   This security update addresses these vulnerabilities by modifying the
   way that Microsoft Excel performs validations when opening Excel
   files.

   Recommendation. Microsoft recommends that customers apply the update
   immediately.

Affected Software

   Excel 2000 Service Pack 3

   Excel 2002 Service Pack 3

   Excel 2003 Service Pack 2

   Excel 2003 Service Pack 3

   Excel 2007

   Excel 2007 Service Pack 1

   Microsoft Office Excel Viewer 2003

   Microsoft Office Excel Viewer 2003 Service Pack 3

   Microsoft Office Excel Viewer

   Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
   2007 File Formats

   Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint
   2007 File Formats Service Pack 1

   Microsoft Office SharePoint Server 2007

   Microsoft Office SharePoint Server 2007 Service Pack 1

   Microsoft Office SharePoint Server 2007 x64 Edition

   Microsoft Office SharePoint Server 2007 x64 Edition Service Pack 1

   Microsoft Office 2004 for Mac

   Microsoft Office 2008 for Mac

   Open XML File Format Converter for Mac

Vulnerability Information

Calendar Object Validation Vulnerability - CVE-2008-3477

   A remote code execution vulnerability exists in the way Excel
   processes a VBA Performance Cache. The vulnerability could allow
   remote code execution if a user opens a specially crafted Excel file
   in a VBA Performance Cache. An attacker who successfully exploited
   this vulnerability could take complete control of an affected system.
   An attacker could then install programs; view, change, or delete data;
   or create new accounts with full user rights.

Workarounds for Calendar Object Validation Vulnerability - CVE-2008-3477

   Use the Microsoft Office Isolated Conversion Environment (MOICE) when
   opening files from unknown or un-trusted sources

   Use Microsoft Office File Block policy to block the opening of Office
   2003 and earlier documents from unknown or untrusted sources and
   locations

   Modify Access Control List (ACL) on VBE6.DLL to deny access to the
   Everyone group

File Format Parsing Vulnerability - CVE-2008-3471

   A remote code execution vulnerability exists in Microsoft Excel as a
   result of improper memory allocation when loading Excel objects. The
   vulnerability could allow remote code execution if a user opens a
   specially crafted Excel file that includes a malformed object. An
   attacker who successfully exploited this vulnerability could take
   complete control of an affected system. An attacker could then install
   programs; view, change, or delete data; or create new accounts with
   full user rights.

Workarounds for File Format Parsing Vulnerability - CVE-2008-3471

   Use the Microsoft Office Isolated Conversion Environment (MOICE) when
   opening files from unknown or un-trusted sources

   Use Microsoft Office File Block policy to block the opening of Office
   2003 and earlier documents from unknown or untrusted sources and
   locations

Formula Parsing Vulnerability - CVE-2008-4019

   The specific flaw exists when parsing Microsoft Excel documents
   containing a specially crafted formula embedded inside a cell. This
   can result in a remote compromise of the system under the context of
   the currently logged in user.

Workarounds for Formula Parsing Vulnerability - CVE-2008-4019

   Microsoft has not identified any workarounds for this vulnerability.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================